Hello, I have (had) a strange problem which I cannot even reproduce. To make it worse, I use version 2.0.15.
I have created a key on a secure system, exported the public keys, the secret keys and the secret subkeys to three files and imported the public and subkeys on another system. I could not configure this key for the use in KMail (without any error message). Thus I tried to make a signature. Verifying the signature led to this output (in German and as I cannot reproduce the problem...):

start cmd:> gpg --verify test.html.BBEA218E.sig test.html
gpg: Signatur vom Fr 29 Okt 2010 22:31:49 CEST
gpg: mittels RSA-Schlüssel 0x95C20EF1
gpg: Korrekte Signatur von "Hauke Laging (Offline-Hauptschlüssel) ...
gpg: Beglaubigungsrichtlinie: http://www.hauke-laging.de/openpgp/policy.html
gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!
gpg: Es gibt keinen Hinweis, daß die Signatur wirklich dem vorgeblichen Besitzer gehört.
Haupt-Fingerabdruck = AFF8 7529 66BE F70C A514 9618 650F 4F91 BBEA 218E
Unter-Fingerabdruck = A65D A538 6A73 21E0 01F3 C2BF F78C 4FD6 95C2 0EF1

It says: This key has no trustworthy signature. There is no hint that the signature belongs to the claimed owner.

Then I read the comments in the config file which say: "GnuPG ultimately trusts all keys in the secret keyring." I have the secret keys – except for the main key. I can create a signature with this key. I then put both this key and the one which has signed it in the config file:

trusted-key 650F4F91BBEA218E
...

After that the warning disappeared (and KMail accepted the key). I thought that the reason was the missing secret main key (which would not make sense and would be considered by me as a bug).

Just for fun I removed the "trusted-key" entries. And even though this should be the same configuration as before the warning did not appear again. Thus I cannot (easily) reproduce it. There are other keys without secret main key which do not cause this problem. The reason may be that my normal key is configured as default key and the other ones are signed by it.

However, I do not understand why the problem is "solved" now. Does gpg note anywhere (trustdb?) that a key was valid so that the secret main key checking is skipped?

CU

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users